About users and groups

Group authorizations

When you create a new user, perhaps the easiest way to assign authorizations and permissions to that user is by assigning the user to one or more user groups. This is done using the Users form, when you create the user profile.

Default groups are already set up and delivered in Mongoose; for example, the CoreFormsAdmin and the APPBUILDER-Administrator group. To modify the forms and permissions for an existing group, select the group on the Groups form and click Group Authorizations to open the Object Authorization for Group form.

You can add or delete groups on the Groups form.

Caution:

Although the system allows you to modify or delete default groups that are provided with your application, doing so can cause future conversion problems while upgrading and other problems. We recommend you copy the the default group and give it a new group name, then modify the new group authorizations. We strongly recommend that you NOT delete or modify default groups.

For a list of the default Mongoose groups, open the Groups form, select the group you want to know about, and then click Group Authorizations. This launches the Object Authorization for Group form, which displays the member forms (and/or other objects) for that group.

User authorizations by copying another user's goups

When you create a new user, you can copy the user's group memberships from an existing user. On the Users form, select the user who needs to add groups, and click Copy Groups from User. On the Copy Groups From User form, select the user from whom you want to copy the groups. If multiple groups are listed, you can select the groups that you want to copy to this user. To return to the Users form, click OK. Then save the changes to the new user's record there.

User authorizations

If a user is not assigned to any group, use the Object Authorizations for User form to determine what forms and privileges are available to that user.

How authorizations work together

User groups allow you to determine the authorizations and permissions for multiple users by assigning them all to a single group.

Group authorizations work together. If a user is included in a group where a privilege is granted on a certain form, that granted privilege prevails over any "not granted" setting for the same form in other groups assigned to this user. However, any user authorizations set for individuals always override group authorizations defined for a form.

At the User Authorizations level (Object Authorizations for User form), privileges are either granted or revoked. There is only one set of privileges per form or per component per user. Therefore, if a privilege is revoked at the User Authorizations level, the same privilege cannot be granted at the Group Authorizations level (Object Authorizations for Group form).

User authorizations cannot have multiple privileges for the same form or same component. If a form or component is revoked at the User Authorization level, that revoke setting is used regardless of any group privileges that you specify.

If privileges are left blank at the user authorization level, the user is assigned the permissions defined at the group level.

User Authorization Report

In the User Authorization Report, user and group authorizations for forms and IDOs are grouped together by user ID. Row authorizations are grouped together by user ID and group name, and are sorted by IDO and group name. Options on the form let you choose the specific forms or IDOs you want to see in the report. You can see and compare all authorizations for a single user in the same section of the report. This makes it easier for you to determine whether a user has multiple permissions set differently for the same form, through different groups to which the user is assigned.